New-AzureRmFirewall

Creates a new Firewall in a resource group.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

New-AzureRmFirewall
   -Name <String>
   -ResourceGroupName <String>
   -Location <String>
   [-VirtualNetworkName <String>]
   [-PublicIpName <String>]
   [-ApplicationRuleCollection <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSAzureFirewallApplicationRuleCollection]>]
   [-NatRuleCollection <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSAzureFirewallNatRuleCollection]>]
   [-NetworkRuleCollection <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSAzureFirewallNetworkRuleCollection]>]
   [-Tag <Hashtable>]
   [-Force]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzureRmFirewall cmdlet creates an Azure Firewall.

Examples

1: Create a Firewall attached to a virtual network

New-AzureRmFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -VirtualNetworkName "vnet" -PublicIpName "pip-name"

This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall. Since no rules were specified, the firewall will block all traffic (default behavior).

2: Create a Firewall which allows all HTTPS traffic

$rule = New-AzureRmFirewallApplicationRule -Name R1 -Protocol "https:443" -TargetFqdn "*" 
$ruleCollection = New-AzureRmFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
New-AzureRmFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -VirtualNetworkName "vnet" -PublicIpName "pip-name" -ApplicationRuleCollection $ruleCollection

This example creates a Firewall which allows all HTTPS traffic on port 443.

3: DNAT - redirect traffic destined to 10.1.2.3:80 to 10.2.3.4:8080

$rule = New-AzureRmFirewallNatRule -Name "natRule" -Protocol "TCP" -SourceAddress "*" -DestinationAddress "10.1.2.3" -DestinationPort "80" -TranslatedAddress "10.2.3.4" -TranslatedPort "8080"
$ruleCollection = New-AzureRmFirewallNatRuleCollection -Name "NatRuleCollection" -Priority 1000 -Rule $rule
New-AzureRmFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -NatRuleCollection $ruleCollection

This example created a Firewall which translated the destination IP and port of all packets destined to 10.1.2.3:80 to 10.2.3.4:8080

Parameters

-ApplicationRuleCollection

Specifies the collections of application rules for the new Firewall.

Type:List<T>[PSAzureFirewallApplicationRuleCollection]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Location

Specifies the region for the Firewall.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies the name of the Azure Firewall that this cmdlet creates.

Type:String
Aliases:ResourceName
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-NatRuleCollection

The list of AzureFirewallNatRuleCollections

Type:List<T>[PSAzureFirewallNatRuleCollection]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-NetworkRuleCollection

The list of AzureFirewallNetworkRuleCollections

Type:List<T>[PSAzureFirewallNetworkRuleCollection]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-PublicIpName

Public Ip Name. The Public IP must use Standard SKU and must belong to the same resource group as the Firewall.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of a resource group to contain the Firewall.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Tag

Key-value pairs in the form of a hash table. For example:

@{key0="value0";key1=$null;key2="value2"}

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VirtualNetworkName

Specifies the name of the virtual network for which the Firewall will be deployed. Virtual network and Firewall must belong to the same resource group.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

This cmdlet does not accept any input.

Outputs

Microsoft.Azure.Commands.Network.Models.PSFirewall